Google Rethinks Android Market Security In Wake Of App Attacks10:25 AM EST Mon. Mar. 07, 2011
Google has vowed to tighten up the security of its Google Android Market after dozens of malware-containing applications made their way into the platform's apps marketplace last week, an attack that prompted Google to remotely wipe affected devices and blast a security update to users.
Last week, more than 50 malicious applications were discovered in the Google Android Market. The malicious apps, when downloaded, injected malware and could mine data from Google Android devices without the user knowledge. Google quickly pulled the plug on the developers of the apps, which mimicked legitimate applications to trick users into downloading them.
Google remained relatively silent about the threats until it published a Saturday blog post that outlined the Android-based attacks and threats and highlighted steps it will take to fortify the Android market. Security researches have said that Android has become a prime target for attackers as mobile device security threats increase.
"On Tuesday evening, the Android team was made aware of a number of malicious applications published to Android Market," wrote Android Security Lead Rich Cannings in the blog post. "Within minutes of becoming aware, we identified and removed the malicious applications."
Google said the applications took advantage of vulnerabilities that do not affect Android versions 2.2.2 or higher. The threat, dubbed DroidDream, gains root access to Android's operating system. According to Google, it gathers an Android device's IMEI number and IMSI number -- the numbers that identify the equipment and the SIM card. But it could be used gather additional information. DroidDream used a pair of exploits called exploid and rageagainstthecage to install itself onto the device.
Cannings said that Google removed the malicious applications from the Android Market, suspended the developers responsible and contacted law enforcement about the attack. Additionally, Google said it is remotely removing malicious applications from affected devices.
Cannings wrote that Google will also push an Android Market security update to all affected devices that undoes the exploits to prevent attackers from culling more information from the devices. Google said affected devices will receive an email from Android Market support sometime within the next 72 hours and also receive a notification on the device that "Android Market Security Tool March 2011" has been installed. Google noted that users do not need to take action and the update will take automatically.
And to prevent future threats, Google said it will take steps to ensure malicious malware doesn't make its way to the Android Market.
"We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues," Cannings wrote, not specifying what those security measures will entail.
The DroidDream attacks were a turnaround on previous Google Android-based threats, which had attacked Android devices via e-mail, malicious Web sites and apps downloaded from third-party stores, not the official Android Market.
"Apparently some malicious authors where not satisfied just sticking with this routine. We have become aware of a selection of malicious applications following this trend; however, they are available on the official Android Market," Symantec wrote in a blog post last week highlighting the new Android threats. "The applications in question are popular free apps, bundled with malware, that have then been republished in the official marketplace under different application and publisher names